/// <summary>
/// Encrypt the file.
/// </summary>
/// <param name="encrypted">The encrypted data stream.</param>
/// <param name="filename">The path and file name to encrypt.</param>
/// <param name="publicKey">The public key used for encryption.</param>
/// <param name="protectedKeys">Should the public and secret key data be protected.</param>
/// <param name="integrityCheck">Should the cipher stream have an integrity packet associated with it.</param>
/// <param name="symmetricKeyAlgorithm">The symmetric key algorithm used for cryptography.</param>
public void Encrypt(System.IO.Stream encrypted, string filename, System.IO.Stream publicKey, bool protectedKeys = false, bool integrityCheck = false,
Nequeo.Cryptography.SymmetricKeyAlgorithmType symmetricKeyAlgorithm = Nequeo.Cryptography.SymmetricKeyAlgorithmType.Aes256)
{
// Read the public key data.
Key.Bcpg.OpenPgp.PgpPublicKey pgpPublicKey = ReadPublicKey(publicKey);
// If file is protected.
if (protectedKeys)
{
encrypted = new Key.Bcpg.ArmoredOutputStream(encrypted);
}
System.IO.Stream encOutput = null;
try
{
// Create the encypted data generator.
Key.Bcpg.OpenPgp.PgpEncryptedDataGenerator encryptedDataGenerator = new Key.Bcpg.OpenPgp.PgpEncryptedDataGenerator(
GetSymmetricKeyAlgorithm(symmetricKeyAlgorithm), integrityCheck, new Key.Security.SecureRandom());
encryptedDataGenerator.AddMethod(pgpPublicKey);
// The input data buffer.
Key.Bcpg.OpenPgp.PgpCompressedDataGenerator compressedData =
new Key.Bcpg.OpenPgp.PgpCompressedDataGenerator(Key.Bcpg.CompressionAlgorithmTag.Uncompressed);
// Write the encrypted data.
encOutput = encryptedDataGenerator.Open(encrypted, new byte[1 << 16]);
Key.Bcpg.OpenPgp.PgpUtilities.WriteFileToLiteralData(
compressedData.Open(encOutput),
Key.Bcpg.OpenPgp.PgpLiteralData.Binary,
new FileInfo(filename),
new byte[1 << 16]);
// Close the streams.
compressedData.Close();
encOutput.Close();
// If file is protected.
if (protectedKeys)
{
encrypted.Close();
}
}
catch (Exception)
{
throw;
}
finally
{
if (encOutput != null)
{
encOutput.Close();
}
}
}
/// <summary>
/// Encrypt the stream.
/// </summary>
/// <param name="encrypted">The encrypted data stream.</param>
/// <param name="input">The data to encrypt.</param>
/// <param name="publicKey">The public key used for encryption.</param>
/// <param name="protectedKeys">Should the public and secret key data be protected.</param>
/// <param name="integrityCheck">Should the cipher stream have an integrity packet associated with it.</param>
/// <param name="symmetricKeyAlgorithm">The symmetric key algorithm used for cryptography.</param>
public void Encrypt(System.IO.Stream encrypted, System.IO.Stream input, System.IO.Stream publicKey, bool protectedKeys = false, bool integrityCheck = false,
Nequeo.Cryptography.SymmetricKeyAlgorithmType symmetricKeyAlgorithm = Nequeo.Cryptography.SymmetricKeyAlgorithmType.Aes256)
{
// Read the public key data.
Key.Bcpg.OpenPgp.PgpPublicKey pgpPublicKey = ReadPublicKey(publicKey);
// If file is protected.
if (protectedKeys)
{
encrypted = new Key.Bcpg.ArmoredOutputStream(encrypted);
}
System.IO.Stream encOutput = null;
try
{
// Create the encypted data generator.
Key.Bcpg.OpenPgp.PgpEncryptedDataGenerator encryptedDataGenerator = new Key.Bcpg.OpenPgp.PgpEncryptedDataGenerator(
GetSymmetricKeyAlgorithm(symmetricKeyAlgorithm), integrityCheck, new Key.Security.SecureRandom());
encryptedDataGenerator.AddMethod(pgpPublicKey);
// The input data buffer.
byte[] buffer = Compress(input, Key.Bcpg.CompressionAlgorithmTag.Uncompressed);
// Write the encrypted data.
encOutput = encryptedDataGenerator.Open(encrypted, (long)buffer.Length);
encOutput.Write(buffer, 0, buffer.Length);
encOutput.Close();
// If file is protected.
if (protectedKeys)
{
encrypted.Close();
}
}
catch (Exception)
{
throw;
}
finally
{
if (encOutput != null)
{
encOutput.Close();
}
}
}
/// <summary>
/// Public and secret key provider.
/// </summary>
/// <param name="publicKey">The public key data.</param>
/// <param name="secretKey">The secret key data.</param>
/// <param name="keyID">The unique key id of the public secret key pair.</param>
/// <param name="password">The password used to protect the secret key.</param>
/// <returns>The RSA cryto service provider.</returns>
public RSACryptoServiceProvider PublicKeySecretKey(System.IO.Stream publicKey, System.IO.Stream secretKey, long keyID, string password = null)
{
// Read the public key data.
Key.Bcpg.OpenPgp.PgpPublicKey pgpPublicKey = ReadPublicKey(publicKey);
// Find the secret key
Key.Bcpg.OpenPgp.PgpPrivateKey privateKey = null;
Key.Bcpg.OpenPgp.PgpSecretKeyRingBundle secretKeyRingBundle =
new Key.Bcpg.OpenPgp.PgpSecretKeyRingBundle(Key.Bcpg.OpenPgp.PgpUtilities.GetDecoderStream(secretKey));
// Find the private key (secret key).
privateKey = FindSecretKey(secretKeyRingBundle, keyID, password.ToArray());
// Assign the rsa parameters.
RSAParameters rsaPrivateParam = new RSAParameters();
Key.Crypto.Parameters.RsaKeyParameters rsaPrivatePublic = (Key.Crypto.Parameters.RsaKeyParameters)pgpPublicKey.GetKey();
Key.Crypto.Parameters.RsaPrivateCrtKeyParameters rsaCrtPrivateParam = (Key.Crypto.Parameters.RsaPrivateCrtKeyParameters)privateKey.Key;
// Assign the rsa parameters.
rsaPrivateParam.D = rsaCrtPrivateParam.Exponent.ToByteArrayUnsigned();
rsaPrivateParam.DP = rsaCrtPrivateParam.DP.ToByteArrayUnsigned();
rsaPrivateParam.DQ = rsaCrtPrivateParam.DQ.ToByteArrayUnsigned();
rsaPrivateParam.InverseQ = rsaCrtPrivateParam.QInv.ToByteArrayUnsigned();
rsaPrivateParam.P = rsaCrtPrivateParam.P.ToByteArrayUnsigned();
rsaPrivateParam.Q = rsaCrtPrivateParam.Q.ToByteArrayUnsigned();
rsaPrivateParam.Modulus = rsaPrivatePublic.Modulus.ToByteArrayUnsigned();
rsaPrivateParam.Exponent = rsaPrivatePublic.Exponent.ToByteArrayUnsigned();
// Create the encyption provider.
RSACryptoServiceProvider rsaEncryptProvider = new RSACryptoServiceProvider();
rsaEncryptProvider.ImportParameters(rsaPrivateParam);
// Return the rsa provider.
return(rsaEncryptProvider);
}
/// <summary>
/// Verifies that a digital signature is valid by determining the hash value
/// in the signature using the provided public key and comparing it to the hash
/// value of the provided data.
/// </summary>
/// <param name="inputStream">The data that was signed.</param>
/// <param name="signature">The signature data to be verified.</param>
/// <param name="rsaProvider">The RSA crypto service provider.</param>
/// <param name="hashAlgorithm">The hash algorithm to use to create the hash value.</param>
/// <returns>True if the signature is valid; otherwise, false.</returns>
public bool VerifyData(Stream inputStream, byte[] signature, RSACryptoServiceProvider rsaProvider, Nequeo.Cryptography.HashcodeType hashAlgorithm = HashcodeType.SHA512)
{
Stream signatureInput = null;
try
{
// Export the signer public key parameters.
RSAParameters rsaPublicKeySignerParam = rsaProvider.ExportParameters(false);
Key.Crypto.Parameters.RsaKeyParameters rsaPublicKeySigner =
new Key.Crypto.Parameters.RsaKeyParameters(
false,
new Key.Math.BigInteger(1, rsaPublicKeySignerParam.Modulus),
new Key.Math.BigInteger(1, rsaPublicKeySignerParam.Exponent)
);
signatureInput = new MemoryStream(signature);
signatureInput = Key.Bcpg.OpenPgp.PgpUtilities.GetDecoderStream(signatureInput);
// Get the public key.
Key.Bcpg.OpenPgp.PgpPublicKey publicKey = new Key.Bcpg.OpenPgp.PgpPublicKey(Key.Bcpg.PublicKeyAlgorithmTag.RsaGeneral, rsaPublicKeySigner, DateTime.UtcNow);
Key.Bcpg.OpenPgp.PgpObjectFactory pgpFact = new Key.Bcpg.OpenPgp.PgpObjectFactory(signatureInput);
Key.Bcpg.OpenPgp.PgpSignatureList signatureList = null;
Key.Bcpg.OpenPgp.PgpObject pgpObject = pgpFact.NextPgpObject();
// If the message is compressed.
if (pgpObject is Key.Bcpg.OpenPgp.PgpCompressedData)
{
// Get the compression object.
Key.Bcpg.OpenPgp.PgpCompressedData compressedData = (Key.Bcpg.OpenPgp.PgpCompressedData)pgpObject;
pgpFact = new Key.Bcpg.OpenPgp.PgpObjectFactory(compressedData.GetDataStream());
signatureList = (Key.Bcpg.OpenPgp.PgpSignatureList)pgpFact.NextPgpObject();
}
else
{
// Get the message list.
signatureList = (Key.Bcpg.OpenPgp.PgpSignatureList)pgpObject;
}
// Load the public key into the pgp signer.
Key.Bcpg.OpenPgp.PgpSignature pgpSignature = signatureList[0];
pgpSignature.InitVerify(publicKey);
int ch;
while ((ch = inputStream.ReadByte()) >= 0)
{
// Update the generator.
pgpSignature.Update((byte)ch);
}
// Verify the signature.
if (pgpSignature.Verify())
{
// signature verified.
return(true);
}
else
{
// signature verification failed.
return(false);
}
}
catch (Exception)
{
throw;
}
finally
{
if (signatureInput != null)
{
signatureInput.Close();
}
}
}